One Hack to Rule Them All: Pervasive Account Takeovers in Integration Platforms

Black Hat USA 2024 · Day 1 · Briefing

This talk, presented by K from the Chinese University of Hong Kong and Samsung Research America, unveils a critical new class of authorization attacks that lead to pervasive account takeovers across a wide spectrum of integration platforms. The research highlights fundamental vulnerabilities in how these platforms implement **OAuth 2.0** for **account linking**, a feature central to their functionality. By exploiting these flaws, attackers can gain unauthorized control over victim accounts, access sensitive data, and manipulate connected services.
